More than 1,000 service firms including digital lenders, hospitals, telcos, and educational institutions are being investigated for breach of privacy rules, exposing them to a possible fine of Sh5 million or up to one percent of their annual turnover if found culpable.
The Data Protection Commissioner Immaculate Kassait said most of the complaints involved the misuse of creditors’ data by digital lenders and the use of photos without permission.
“Investigations are ongoing and most of the cases we are dealing with involve the digital lenders but we are seeing increasingly in the area of the use of photography," Ms Kassait said on Wednesday at Moi University.
"Our emphasis is that even as you collect information that is sensitive or personal to an individual, it is important that as you do for commercial nature, you get their permission.”
Several service providers have recently been sanctioned for breach of privacy laws.
For example, the data commissioner in September last year slapped a digital credit provider, Mulla Pride Ltd, with a Sh2.97 million fine for violating data protection regulations.
The digital credit provider that operates KeCredit and Faircash, used names and contacts obtained from third parties to send messages and make phone calls.
The commissioner also fined Roma School Sh4.5 million for posting minors’ pictures without consent from their parents.
The Data Protection Act came into effect on November 25, 2019.